A newly appointed Chief Information Security Officer (CISO) for a multinational retail corporation is tasked with overhauling the entire enterprise security program. The primary goal is to ensure the security program effectively supports the company's aggressive expansion into new online markets and its focus on a personalized customer experience. Which of the following initial actions would BEST ensure the new security program aligns with these core business objectives?
Benchmark security practices against competitors in the same industry
Focus on deploying advanced technical security solutions that address current threats
Engage with business unit leaders to understand their strategic objectives before designing security controls
Implement industry standard security frameworks based on the organization's sector
The correct answer is to engage with business unit leaders to understand their strategic objectives before designing security controls. This approach ensures that the security program is directly tied to business needs and objectives from the beginning.
Starting with business engagement allows the Chief Information Security Officer (CISO) to understand what matters most to the organization, what risks are acceptable, and how security can enable rather than hinder business functions. This creates alignment between security and business strategy by design, rather than trying to retrofit security after the fact.
The other approaches have flaws:
Implementing industry standard frameworks without consideration for specific business needs may create unnecessary controls or miss critical business-specific risks.
Focusing on technical solutions first represents a bottom-up approach that may not address business priorities.
Benchmarking against competitors may provide useful insights but does not ensure alignment with the organization's own business strategy and objectives.
ISC2 CISSP
Security and Risk Management